I have to say this loud and clear: I love Troy Hunt blog!

You can find there some really funny yet scary stories about our times. In all the fantastic material you can find there, I have found particularly hilarious and troublesome a couple of articles about current practices around credential management. The first one is quite old, but its value has not diminished over the years : it is about password filtering and it introduces some nice examples about what you should not do.

The second article has just been published, and show some very bad practices about credential management.
I owe you a beer, Troy! 🙂

The Security Tools Product Group has just released a preview of the next version of the Threat Modeling Tool. It contains a load of usability improvements and a new template for Azure, developed by the Application Security Community within Microsoft Services, and in particular by the fine colleagues from the Global Delivery Team in Hyderabad.

You can find the announcement here.

Congratulations to the Security Tools Product Group, to the WW SDL Community and to the colleagues in the IGD Team!

I have just prepared a new minor release to fix a blocking bug in Threats Manager: the new release has been marked with version 1.5.52.

  • [BUG] Error when opening a document created with a Custom Template.

 

Please use the new version instead of the previous one.

You can download the new version from here.

This is the first “Pill on Threats Manager” and discusses in 10′ how to use Threats Manager to prioritize Threats very efficiently. Enjoy!

Threats Manager v1.5.51 has been shared very recently.

This new video presents the new version and discusses some of its key characteristics. It will be followed soon by a series of “Pills on Threats Manager”, discussing specific characteristics in about 10′.

Be prepared to learn how to do your own Threat Models at light speed!

I have just prepared the first release to fix a couple of bugs over version 1.5.50. This is a minor version (1.5.51), which solves the following problems:

  • [BUG] Error when openining TM 1.5.50 on an a PC that has not seen TM yet.
  • [BUG] Custom Threats cause an ArgumentNullException in GetPriorityForThreatTypeName.

Please use the new version instead of the previous one.

You can download the new version from here.

A new version of the Threats Manager is out, with many important improvements for usability and bug fixes!

Continue Reading...